Baffle, CCPA, Data, Data Protection, Don't miss, Expert Analysis, GDPR, Government, HIPAA, Hot stuff, IT Security, law, legislation, News, Policy, Privacy, regulation, USA

It’s time for a national privacy law in the US

Consumer data privacy is no longer a necessary evil but a competitive differentiator for any company participating in the global economy. The EU’s GDPR represents the world’s most comprehensive regulation for privacy best practices, holding companies to stringent standards for data collection, storage and use. US national privacy law Many countries have followed suit in recent years by adopting similarly aggressive privacy laws that reflect a greater dedication to data protection. In stark contrast, the … More

The post It’s time for a national privacy law in the US appeared first on Help Net Security.

automation, CyberAttack, cybersecurity, Don't miss, Expert Analysis, Hot stuff, Internet of Things, IT Security, News, Penetration Testing, Scanning, security testing, threats, TrustWave, Vulnerability

Addressing the lack of knowledge around pen testing

The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will be so difficult and time consuming that all but the most elite nation-state level threat actors will give up and go search of easier prey. Penetration testing is one of the most effective methods for achieving this level of security. A team of ethical hackers can discover and close … More

The post Addressing the lack of knowledge around pen testing appeared first on Help Net Security.

Comcast, Consumer, CUJO AI, Don't miss, Featured news, Features, Hot stuff, Internet of Things, ISP, IT Security, News, security awareness, smart home, Threat Detection, threats

Securing the connected home: A joint task for homeowners and their ISP

As COVID-19 spread over the world and nations and businesses adapted to minimize citizens’ and employees’ personal interactions to help contain the infection, a greater than ever number of people stayed at and worked from home. As expected, this necessary adaptation did not go unnoticed by cyber criminals. “We just recently launched the first Xfinity Cyber Health Report which combines data from a new consumer survey with actual threat data collected by our artificial-intelligence-powered xFi … More

The post Securing the connected home: A joint task for homeowners and their ISP appeared first on Help Net Security.

Coronavirus, cybersecurity, digital transformation, Experian, Featured news, Fraud, IT Security, News, predictions, threats, trends

Five emerging fraud threats facing businesses in 2021

With the growing threat of fraud fueled by the digital acceleration that took place in 2020, Experian revealed five emerging fraud threats facing businesses in 2021. The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses. In fact, from January 2020 to early January 2021, the Federal Trade … More

The post Five emerging fraud threats facing businesses in 2021 appeared first on Help Net Security.

Center for Internet Security, Cyber Espionage, CyberAttack, cybersecurity, disruption, Don't miss, guide, IT Security, News, remote working, Spotlight, video conferencing

Top videoconferencing attacks and security best practices

Videoconferencing has become a routine part of everyday life for remote workers, students, and families. Yet widespread adoption of this technology has also attracted nefarious characters whose motivations can range from simple disruption to full-out espionage. It’s important to understand these threats and how secure configuration of videoconferencing systems can improve the overall security of an organization and individual everyday users. Common videoconferencing attacks Making sure your videoconferencing technology is set up securely can help … More

The post Top videoconferencing attacks and security best practices appeared first on Help Net Security.

Industry news, IT Security, TP-LINK

TP-Link’s latest networking offerings provide an easy to manage and secure home networking experience

TP-Link introduced its latest networking offerings. The award-winning Deco now comes with voice built-in, while the Deco Mesh WiFi 6E and Archer router takes your WiFi to new levels. TP-Link’s 10G router and switch ensures the best connections possible, along with the 5G WiFi gateway Deco X80 and the HomeShield premium security service provide a blazing fast, easy to manage, and ultra-secure home networking experience for consumers and businesses. Deco WiFi 6 Mesh with voice … More

The post TP-Link’s latest networking offerings provide an easy to manage and secure home networking experience appeared first on Help Net Security.

Data Breaches, IT Security, Ubiquiti breach

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

In an email sent to customers today, Ubiquiti Inc. [NYSE: UI] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider.

The statement continues:

“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.”

Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company’s user support forum.

The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems.

This has become a sticking point for many Ubiquiti customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months.

“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices,” wrote one Ubiquiti customer today whose sentiment was immediately echoed by other users. “A lot us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”

To manage your security settings on a Ubiquiti device, visit https://account.ui.com and log in. Click on ‘Security’ from the left-hand menu.

1. Change your password
2. Set a session timeout value
3. Enable 2FA

Image: twitter.com/crosstalksol/

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

This is a developing story that may be updated throughout the day.

data collection, Facebook, IT Security, Privacy, Uncategorized, WhatsApp

Changes in WhatsApp’s Privacy Policy

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with.

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes:

  • User phone numbers
  • Other people’s phone numbers stored in address books
  • Profile names
  • Profile pictures and
  • Status message including when a user was last online
  • Diagnostic data collected from app logs

Under the new terms, Facebook reserves the right to share collected data with its family of companies.

Cyber security, GDPR compliance, IT Risk Management, IT Security, IT Security Governance

Facial recog biz denies its software identified ‘antifa members’ among mob that stormed Capitol Hill

Plus: US ban on selling AI code to China renewed for 2021, and Jim Keller hired by Canadian AI chip startup

In brief  The facial recognition company said to have identified antifa members among rioters who ransacked Capitol Hill last week denied that its technology had ever done such a thing.…

CISO, cybersecurity, Don't miss, education, Expert Analysis, Expert corner, Hot stuff, Innovation, IT Security, News, Opinion, security awareness, strategy, Training, VIVIDA

Strike a chord: What cybersecurity can learn from music

I recently watched my team composing some music for a cybersecurity awareness project and using it to take an immersive Dark Web Mission Control Centre to a whole new level. It got me thinking about what we – i.e., the cybersecurity industry – can learn from music. Music is a massive part of popular culture and is universally loved across the globe. Conversely, cybersecurity is inapproachable and abstract to most people and is often seen … More

The post Strike a chord: What cybersecurity can learn from music appeared first on Help Net Security.